Description
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Steve Gustin · text · remote · cgi
https://www.exploit-db.com/exploits/21354
References (4)
Core References
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4368
Product x_refsource_misc
http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
Broken Link, Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8636.php
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/264169
Scores
EPSS
0.1515
EPSS Percentile
94.6%
Details
CWE
CWE-94
Status
published
Products (1)
cgiscript/cssearch_professional
< 2.3
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026